diff --git a/content/billing/scout-billing.md b/content/billing/scout-billing.md index 0e29db6613..b204247bad 100644 --- a/content/billing/scout-billing.md +++ b/content/billing/scout-billing.md @@ -4,8 +4,6 @@ description: Learn how to buy Docker Scout and manage your subscription keywords: payments, billing, subscription, scout --- -{{< include "scout-early-access.md" >}} - Docker Scout lets users secure their software supply chain and continuously observe and improve their security posture. Docker Scout is free for up to 3 repositories. You can buy Docker Scout Team or Docker Scout Business to turn on Docker Scout for additional repositories. See [Docker Scout subscription and features](../subscription/scout-details.md) to select the plan that works for you. In this section, learn how to buy Docker Scout Team in Docker Hub for your personal account or for an organization. To buy Docker Scout Business, [contact sales](https://www.docker.com/products/docker-scout/). diff --git a/content/engine/reference/commandline/scout.md b/content/engine/reference/commandline/scout.md index 1f7ede4aeb..c6cad32002 100644 --- a/content/engine/reference/commandline/scout.md +++ b/content/engine/reference/commandline/scout.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} \ No newline at end of file diff --git a/content/engine/reference/commandline/scout_cache.md b/content/engine/reference/commandline/scout_cache.md index 4960ff5f78..558cdc9610 100644 --- a/content/engine/reference/commandline/scout_cache.md +++ b/content/engine/reference/commandline/scout_cache.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} diff --git a/content/engine/reference/commandline/scout_cache_df.md b/content/engine/reference/commandline/scout_cache_df.md index c47551ea30..5ea62f1b37 100644 --- a/content/engine/reference/commandline/scout_cache_df.md +++ b/content/engine/reference/commandline/scout_cache_df.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} diff --git a/content/engine/reference/commandline/scout_cache_prune.md b/content/engine/reference/commandline/scout_cache_prune.md index 8e36bb7593..66ab36208c 100644 --- a/content/engine/reference/commandline/scout_cache_prune.md +++ b/content/engine/reference/commandline/scout_cache_prune.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} diff --git a/content/engine/reference/commandline/scout_compare.md b/content/engine/reference/commandline/scout_compare.md index bcb8eef5f9..a4d64cce29 100644 --- a/content/engine/reference/commandline/scout_compare.md +++ b/content/engine/reference/commandline/scout_compare.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} \ No newline at end of file diff --git a/content/engine/reference/commandline/scout_config.md b/content/engine/reference/commandline/scout_config.md index 6b70073341..b3c418f905 100644 --- a/content/engine/reference/commandline/scout_config.md +++ b/content/engine/reference/commandline/scout_config.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} diff --git a/content/engine/reference/commandline/scout_cves.md b/content/engine/reference/commandline/scout_cves.md index 6072b444d4..deec6e66f6 100644 --- a/content/engine/reference/commandline/scout_cves.md +++ b/content/engine/reference/commandline/scout_cves.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} \ No newline at end of file diff --git a/content/engine/reference/commandline/scout_enroll.md b/content/engine/reference/commandline/scout_enroll.md index 269f7bd978..256c211a80 100644 --- a/content/engine/reference/commandline/scout_enroll.md +++ b/content/engine/reference/commandline/scout_enroll.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} diff --git a/content/engine/reference/commandline/scout_environment.md b/content/engine/reference/commandline/scout_environment.md index 2dba8596c8..bb9d8f6350 100644 --- a/content/engine/reference/commandline/scout_environment.md +++ b/content/engine/reference/commandline/scout_environment.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} diff --git a/content/engine/reference/commandline/scout_policy.md b/content/engine/reference/commandline/scout_policy.md index 9a0120ff68..bb4302f27f 100644 --- a/content/engine/reference/commandline/scout_policy.md +++ b/content/engine/reference/commandline/scout_policy.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} diff --git a/content/engine/reference/commandline/scout_quickview.md b/content/engine/reference/commandline/scout_quickview.md index 25e258aa39..b5ff512eb7 100644 --- a/content/engine/reference/commandline/scout_quickview.md +++ b/content/engine/reference/commandline/scout_quickview.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} \ No newline at end of file diff --git a/content/engine/reference/commandline/scout_recommendations.md b/content/engine/reference/commandline/scout_recommendations.md index b221ca1698..55d2a885a7 100644 --- a/content/engine/reference/commandline/scout_recommendations.md +++ b/content/engine/reference/commandline/scout_recommendations.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} \ No newline at end of file diff --git a/content/engine/reference/commandline/scout_repo.md b/content/engine/reference/commandline/scout_repo.md index b86197b335..e33374730c 100644 --- a/content/engine/reference/commandline/scout_repo.md +++ b/content/engine/reference/commandline/scout_repo.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} \ No newline at end of file diff --git a/content/engine/reference/commandline/scout_repo_disable.md b/content/engine/reference/commandline/scout_repo_disable.md index d2c1af0476..e825ab917e 100644 --- a/content/engine/reference/commandline/scout_repo_disable.md +++ b/content/engine/reference/commandline/scout_repo_disable.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} \ No newline at end of file diff --git a/content/engine/reference/commandline/scout_repo_enable.md b/content/engine/reference/commandline/scout_repo_enable.md index d4af66607b..7bcf32b921 100644 --- a/content/engine/reference/commandline/scout_repo_enable.md +++ b/content/engine/reference/commandline/scout_repo_enable.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} \ No newline at end of file diff --git a/content/engine/reference/commandline/scout_repo_list.md b/content/engine/reference/commandline/scout_repo_list.md index c8f4bd06da..fb913150bd 100644 --- a/content/engine/reference/commandline/scout_repo_list.md +++ b/content/engine/reference/commandline/scout_repo_list.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} \ No newline at end of file diff --git a/content/engine/reference/commandline/scout_sbom.md b/content/engine/reference/commandline/scout_sbom.md index cc6d7b9299..64cfffdff0 100644 --- a/content/engine/reference/commandline/scout_sbom.md +++ b/content/engine/reference/commandline/scout_sbom.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} \ No newline at end of file diff --git a/content/engine/reference/commandline/scout_stream.md b/content/engine/reference/commandline/scout_stream.md index 8102e6ad2f..f52eb7eac9 100644 --- a/content/engine/reference/commandline/scout_stream.md +++ b/content/engine/reference/commandline/scout_stream.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} \ No newline at end of file diff --git a/content/engine/reference/commandline/scout_version.md b/content/engine/reference/commandline/scout_version.md index 06c5b6f93c..a1098204b2 100644 --- a/content/engine/reference/commandline/scout_version.md +++ b/content/engine/reference/commandline/scout_version.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} \ No newline at end of file diff --git a/content/engine/reference/commandline/scout_watch.md b/content/engine/reference/commandline/scout_watch.md index 20a7f49c7c..96f62d2f17 100644 --- a/content/engine/reference/commandline/scout_watch.md +++ b/content/engine/reference/commandline/scout_watch.md @@ -12,5 +12,3 @@ repository on GitHub: https://github.com/docker/scout-cli --> - -{{< include "scout-early-access.md" >}} diff --git a/content/includes/scout-early-access.md b/content/includes/scout-early-access.md deleted file mode 100644 index d216c78d49..0000000000 --- a/content/includes/scout-early-access.md +++ /dev/null @@ -1,8 +0,0 @@ -> **Early Access** -> -> Docker Scout secures the complete software supply chain by providing image -> analysis, real-time vulnerability identification, contextual remediation -> recommendations, and more. Now available in [early access](/release-lifecycle/#early-access-ea). -> -> Learn more on the [Docker Scout product page](https://docker.com/products/docker-scout). -{ .restricted } diff --git a/content/includes/scout-plans.md b/content/includes/scout-plans.md deleted file mode 100644 index d1abd6b50c..0000000000 --- a/content/includes/scout-plans.md +++ /dev/null @@ -1,3 +0,0 @@ -> **Info** -> -> The Docker Scout free plan gives you unlimited local image analysis and up to 3 remote repositories. [If you need more, upgrade your plan](/billing/scout-billing/). \ No newline at end of file diff --git a/content/scout/_index.md b/content/scout/_index.md index 6e81098818..62a9103242 100644 --- a/content/scout/_index.md +++ b/content/scout/_index.md @@ -35,15 +35,18 @@ grid: description: | The web interface for Docker Scout. icon: dashboard - - title: Policy {{< badge color=violet text=Beta >}} + - title: Policy {{< badge color=violet text="Early Access" >}} link: /scout/policy/ description: | Ensure that your artifacts align with supply chain best practices. icon: policy + - title: Upgrade + link: /billing/scout-billing/ + description: | + The free plan includes up to 3 repositories. Upgrade for more. + icon: upgrade --- -{{< include "scout-early-access.md" >}} - Container images are often built from layers of other container images and software packages. These layers and packages can contain vulnerabilities that make your containers and the applications they run vulnerable to attack. @@ -59,6 +62,4 @@ the [Docker Scout Dashboard](./dashboard.md). Docker Scout also supports integrations with third-party systems, refer to [Integrating Docker Scout](./integrations/index.md) for more information. -{{< include "scout-plans.md" >}} - {{< grid >}} diff --git a/content/scout/advisory-db-sources.md b/content/scout/advisory-db-sources.md index 77b0a7986c..9a591b085d 100644 --- a/content/scout/advisory-db-sources.md +++ b/content/scout/advisory-db-sources.md @@ -5,8 +5,6 @@ keywords: scanning, analysis, vulnerabilities, Hub, supply chain, security title: Advisory database sources and matching service --- -{{< include "scout-early-access.md" >}} - Docker Scout is a service that helps developers and security teams build and maintain a secure software supply chain. A key component of this is the ability to assess your software artifacts against a reliable source of vulnerability diff --git a/content/scout/dashboard.md b/content/scout/dashboard.md index f64c6ee60b..d161bfbf9a 100644 --- a/content/scout/dashboard.md +++ b/content/scout/dashboard.md @@ -8,56 +8,64 @@ aliases: - /scout/web-app/ --- -{{< include "scout-early-access.md" >}} - The Docker Scout Dashboard helps you share the analysis of images in an organization with your team. Developers can now see an overview of their security status across all their images from both Docker Hub and Artifactory, and get remediation advice at their fingertips. It helps team members in roles such as security, compliance, and operations to know what vulnerabilities and issues they need to focus on. ## Overview -![A screenshot of the Docker Scout vulnerabilities overview](./images/dashboard-overview.png) +![A screenshot of the Docker Scout Dashboard overview](./images/dashboard-overview.webp?border=true) -The **Overview** tab shows the total number of vulnerabilities across all your Docker Scout-enabled repositories, over time. This calculation takes the most recent image in each repository to avoid including old irrelevant images. +The **Overview** tab provides a summary for the repositories in the selected +organization. -## Repository settings +At the top of this page, you can select which **Environment** to view. +By default, the most recently pushed images are shown. To learn more about +environments, see [Environment monitoring](./integrations/environment/_index.md). -Enable Docker Scout analysis on repositories from Docker Hub in the current organization -by selecting the settings icon next to your user profile picture and then the **Repository settings** menu item. +The **Policy** boxes show your current compliance rating for each policy, and a +trend indication for the selected environment. The trend describes the policy +delta for the most recent images compared to the previous version. +For more information about policies, see [Policy Evaluation](./policy/_index.md). -Select the checkboxes for the repositories on which you want to enable Docker Scout analysis and -select **Enable image analysis**. +The vulnerability chart shows the total number of vulnerabilities for images in +the selected environment over time. You can configure the timescale for the +chart using the drop-down menu. -When you enable image analysis for a repository, Docker Scout analyzes new tags -automatically when you push to that repository. Find out more in the [image analysis](./image-analysis.md) documentation. +Use the header menu at the top of the website to access the different main +sections of the Docker Scout Dashboard: -Disable Docker Scout analysis on selected repositories by selecting **Disable image analysis**. +- [Images](#images) +- [Policies](#policies) +- [Vulnerabilities](#vulnerabilities) +- [Base images](#base-images) +- [Packages](#packages) ## Images -The **Images** tab shows a list of images in an organization. You can search for specific repositories using the search box. +The **Images** view shows a list of images in an organization. You can search +for specific repositories using the search box. Each entry in the list shows the following details: - The repository name for the image. Selecting the link for the repository opens [the list of tags for the repository](#repository-tag-list). -- The most recent tag of the image and the vulnerabilities for that version. Selecting the link for the base image opens [the image layer view](#image-layer-view). +- The most recent tag of the image in the selected environment. Selecting the link for the base image opens [the image details view](#image-details-view). - The operating system and architecture of the image. - The date of the last push for the image. -- The base image and version used by the repository and the vulnerabilities for that version. Clicking the link for the base image opens [the image layer view](#image-layer-view). - - > **Note** - > - > Docker Scout detects the base image of an image by matching layer content hashes. - > However, it's possible for multiple images and tags to be associated with these layers. In these cases, Docker Scout's - > base image detection might not be precise and potentially return a different tag to the one used in the Dockerfile. - -- The recommended fixes, which can include options such as changing tags or rebuilding an image. -- The predicted improvement to the vulnerabilities if you apply the recommended fixes. -- An action button to show implementable recommended fixes. +- The vulnerabilities for the most recent image version. +- Policy status, including the change for the most recent version, and a link to more details for non-compliant images. ### Repository tag list -![Screenshot of tags for a repository](./images/dashboard-repo-tags.png) +![Screenshot of tags for a repository](./images/dashboard-repo-tags.webp?border=true) -The repository tag list shows all tags for a repository. You can search for specific tag versions using the search box. +There are two tabs on this page: + +- The **Policy** tab displays the policy delta for the latest version of the + image. +- The **Tags** tab contains the repository tag list, and shows all tags for the + repository. + +In the **Tags** tab, you can filter the list by environment, or by tag or +digest using the search box. Each entry in the list shows the following details: @@ -68,28 +76,48 @@ Each entry in the list shows the following details: > Compare two image tags by selecting the checkboxes next to them and selecting the **Compare images** button at the top of the list. { .tip } -- The tag version. Clicking the link for version opens [the image layer view](#image-layer-view). +- The tag version or image digest. Clicking the link for version opens [the image layer view](#image-details-view). +- The [environments](./integrations/environment/_index.md) that the image is assigned to. - The operating system and architecture of the image. - The vulnerabilities for the tag version. - The last push for the tag version. -- The base image and version used by the repository and the vulnerabilities for - that version. -- The size of the image tag. +- The base image and version used by the repository and the vulnerabilities for that version. -#### Comparing two tag images +#### Compare images -The top section of the comparison view shows an overview of the two selected image tags. +You can compare two or more images in the list. Mark the image versions that +you want to compare, and select **Compare images**. -The tabs section of the view shows the following: +The top section of the comparison view shows an overview of the two selected +image tags. The tabs section of the view shows the following: - Select the **Packages** tab to see packages added, removed, or changed in each image. Each entry in the table shows the differences between the versions and vulnerabilities in each image. Select the disclosure triangle next to a package to see more detail on the vulnerabilities changed. - Select the **Vulnerabilities** tab to see changes to the vulnerabilities present in each image. -### Image layer view +### Image details view -![Screenshot showing Docker Scout image hierarchy](./images/dashboard-hierachy.png) +Selecting an image tag takes you to the image details view. This view contains +two tabs that let you drill down into the details of the composition and +policy compliance for the image: **Policy status** and **Image layers**. -The image layer view shows a breakdown of the Docker Scout analysis, including +{{< tabs >}} +{{< tab name="Policy status" >}} + +![Screenshot of the policy tab in the image details view](./images/dashboard-image-policies.webp?border=true) + +The policy tab shows you the policy evaluation results for the image. Use the +**View details** and **View fixes** links to the right to view the full +evaluation results, and learn how to improve compliance score for non-compliant +images. + +For more information about policy, see [Policy Evaluation](./policy/_index.md). + +{{< /tab >}} +{{< tab name="Image layers" >}} + +![Screenshot showing Docker Scout image layers](./images/dashboard-image-layers.webp?border=true) + +The layer view shows a breakdown of the Docker Scout analysis, including an overview of the digest Secure Hash Algorithms (SHA), version, the image hierarchy (base images), image layers, packages, and vulnerabilities. @@ -97,22 +125,24 @@ layers, packages, and vulnerabilities. > > You can find more details on the elements in the image layer view in [the image details view docs](./image-details-view.md). -Select the **View recommended fixes** button to see instructions to apply the recommended fixes for the image. +{{< /tab >}} +{{< /tabs >}} -## Packages +## Policies -The **Packages** tab shows all packages across repositories in an organization. +![A screenshot of the Docker Scout policies view](./images/dashboard-policies-view.webp?border=true) -Each entry in the list shows the following details: +The **Policies** view shows a breakdown of policy compliance for all of the +images in the selected organization and environment. You can use the **Image** +drop-down menu to view a policy breakdown for a specific environment. -- The package name. -- The package type. -- The versions of the package used by images in the organization. -- The number of images that use the package. +For more information about policies, see [Policy Evaluation](./policy/_index.md). ## Base images -The **Base images** tab shows all base images used by repositories in an organization. +![A screenshot of the Docker Scout view showing base images used](./images/dashboard-base-images.webp?border=true) + +The **Base images** view shows all base images used by repositories in an organization. Each entry in the list shows the following details: @@ -123,22 +153,33 @@ Each entry in the list shows the following details: ### Images using base image -![A screenshot of the Docker Scout view showing images that use a selected base image](./images/dashboard-images-used-by.png) - The **Images** tab shows all images in an organization that use a specific base image. Each entry in the list shows the following details: - The repository name. Selecting the link opens [the list of tags for the repository](#repository-tag-list). -- The most recent tag of the image and its vulnerabilities. Selecting the link for the tag opens [the Image layer detail view](#image-layer-view) for the repository. +- The most recent tag of the image and its vulnerabilities. Selecting the link for the tag opens [the Image layer detail view](#image-details-view) for the repository. - The operating system and architecture of the image. -- The base image tag used by the repository. Selecting the link opens [the image layer detail view](#image-layer-view) for that version. +- The base image tag used by the repository. Selecting the link opens [the image layer detail view](#image-details-view) for that version. - The current base image digest for the repository. - The date of the last push for the repository. +## Packages + +The **Packages** view shows all packages across repositories in an organization. + +Each entry in the list shows the following details: + +- The package name. +- The package type. +- The versions of the package used by images in the organization. +- The number of images that use the package. + ## Vulnerabilities -The **Vulnerabilities** tab shows a list of all vulnerabilities from images in the organization. You can sort and filter the list by severity and search for Common Vulnerabilities and Exposures (CVE) ID using the search box. +The **Vulnerabilities** view shows a list of all vulnerabilities from images in +the organization. You can sort and filter the list by severity and search for +Common Vulnerabilities and Exposures (CVE) ID using the search box. Each entry in the list shows the following details: @@ -158,17 +199,51 @@ Each entry in the list shows the following details: ### Vulnerability details page -The vulnerability details page shows detailed information about a particular CVE. The page shows the following information: +The vulnerability details page shows detailed information about a particular +CVE. This page is a publicly open page. You can share the link to a particular +CVE description with other people even if they're not a member of your Docker +organization. + +The page shows the following information: - The CVE ID and severity. - A description of the vulnerability. - The number of packages affected by the vulnerability. - The vulnerability publish date. -Following this information is a list of all repositories affected by the vulnerability, searchable by image name. Each entry in the list shows the following details: +Following this information is a list of all repositories affected by the +vulnerability, searchable by image name. Each entry in the list shows the +following details: - The repository name. Selecting the link for the repository name opens [the repository tag list view](#repository-tag-list). -- The current tag version of the image. Selecting the link for the tag name opens [the repository tag list layer view](#image-layer-view). +- The current tag version of the image. Selecting the link for the tag name opens [the repository tag list layer view](#image-details-view). - The date the image was last pushed. - The registry where the image is stored. - The affected package name and version in the image. + +## Settings + +The settings menu under the drop-down in the website header contains link to go +to the [Integrations](#integrations) page and [Repository +settings](#repository-settings). + +### Integrations + +The **Integrations** page lets you create and manage your Docker Scout +integrations, such as environment integrations and registry integrations. For +more information on how to get started with integrations, see [Integrating +Docker Scout with other systems](./integrations/_index.md). + +### Repository settings + +The **Repository settings** is where you enable and disable Docker Scout for +repositories in your organization. + +To enable repositories, select the checkboxes for the repositories on which you +want to enable Docker Scout analysis and select **Enable image analysis**. + +When you enable image analysis for a repository, Docker Scout analyzes new tags +automatically when you push to that repository. + +Disable Docker Scout analysis on selected repositories by selecting **Disable +image analysis**. diff --git a/content/scout/data-handling.md b/content/scout/data-handling.md index f128934f17..7e1b4e7f00 100644 --- a/content/scout/data-handling.md +++ b/content/scout/data-handling.md @@ -4,8 +4,6 @@ keywords: scanning, supply chain, security, data, metadata title: Data collection and storage in Docker Scout --- -{{< include "scout-early-access.md" >}} - Docker Scout image analysis works by collecting metadata from the container images that you analyze. This metadata is stored on the Docker Scout platform. diff --git a/content/scout/image-analysis.md b/content/scout/image-analysis.md index edadd01db2..8a98b8df03 100644 --- a/content/scout/image-analysis.md +++ b/content/scout/image-analysis.md @@ -8,8 +8,6 @@ aliases: - /scout/advanced-image-analysis/ --- -{{< include "scout-early-access.md" >}} - When you activate image analysis for a repository, Docker Scout analyzes new images automatically when you push to that repository. Docker Scout image analysis is more than point-in-time scanning, the analysis gets reevaluated diff --git a/content/scout/image-details-view.md b/content/scout/image-details-view.md index 9643abb2c8..e4a4c1841a 100644 --- a/content/scout/image-details-view.md +++ b/content/scout/image-details-view.md @@ -6,8 +6,6 @@ description: The Docker Scout image detail view analyzes images to show their he layers, packages, and vulnerabilities --- -{{< include "scout-early-access.md" >}} - The image details view shows a breakdown of the Docker Scout analysis. You can access the image view from within Docker Desktop and from the image tag page on Docker Hub. The view provides a breakdown of the image hierarchy (base @@ -155,4 +153,4 @@ one to use. Select a tag recommendation to see further details of the recommendation. It shows the benefits and potential disadvantages of the tag, why it's a -recommended, and how to update your Dockerfile to use this version. \ No newline at end of file +recommended, and how to update your Dockerfile to use this version. diff --git a/content/scout/images/dashboard-base-images.webp b/content/scout/images/dashboard-base-images.webp new file mode 100644 index 0000000000..63a7612d93 Binary files /dev/null and b/content/scout/images/dashboard-base-images.webp differ diff --git a/content/scout/images/dashboard-hierachy.png b/content/scout/images/dashboard-hierachy.png deleted file mode 100644 index 50d28a99b0..0000000000 Binary files a/content/scout/images/dashboard-hierachy.png and /dev/null differ diff --git a/content/scout/images/dashboard-image-layers.webp b/content/scout/images/dashboard-image-layers.webp new file mode 100644 index 0000000000..a1a52136f8 Binary files /dev/null and b/content/scout/images/dashboard-image-layers.webp differ diff --git a/content/scout/images/dashboard-image-policies.webp b/content/scout/images/dashboard-image-policies.webp new file mode 100644 index 0000000000..a9abd0b03a Binary files /dev/null and b/content/scout/images/dashboard-image-policies.webp differ diff --git a/content/scout/images/dashboard-images-used-by.png b/content/scout/images/dashboard-images-used-by.png deleted file mode 100644 index 9e748dbc70..0000000000 Binary files a/content/scout/images/dashboard-images-used-by.png and /dev/null differ diff --git a/content/scout/images/dashboard-overview.png b/content/scout/images/dashboard-overview.png deleted file mode 100644 index f2b7fd74a0..0000000000 Binary files a/content/scout/images/dashboard-overview.png and /dev/null differ diff --git a/content/scout/images/dashboard-overview.webp b/content/scout/images/dashboard-overview.webp new file mode 100644 index 0000000000..6f094026d0 Binary files /dev/null and b/content/scout/images/dashboard-overview.webp differ diff --git a/content/scout/images/dashboard-policies-view.webp b/content/scout/images/dashboard-policies-view.webp new file mode 100644 index 0000000000..460465fe30 Binary files /dev/null and b/content/scout/images/dashboard-policies-view.webp differ diff --git a/content/scout/images/dashboard-repo-tags.png b/content/scout/images/dashboard-repo-tags.png deleted file mode 100644 index d1c54cd90a..0000000000 Binary files a/content/scout/images/dashboard-repo-tags.png and /dev/null differ diff --git a/content/scout/images/dashboard-repo-tags.webp b/content/scout/images/dashboard-repo-tags.webp new file mode 100644 index 0000000000..1d6b19d2ff Binary files /dev/null and b/content/scout/images/dashboard-repo-tags.webp differ diff --git a/content/scout/images/release-notes/artifactory-agent.gif b/content/scout/images/release-notes/artifactory-agent.gif new file mode 100644 index 0000000000..eaa7b6c3f9 Binary files /dev/null and b/content/scout/images/release-notes/artifactory-agent.gif differ diff --git a/content/scout/images/release-notes/policy-ea.webp b/content/scout/images/release-notes/policy-ea.webp new file mode 100644 index 0000000000..283c689e3f Binary files /dev/null and b/content/scout/images/release-notes/policy-ea.webp differ diff --git a/content/scout/integrations/_index.md b/content/scout/integrations/_index.md index 00edc1c00c..bf4b1646d0 100644 --- a/content/scout/integrations/_index.md +++ b/content/scout/integrations/_index.md @@ -4,8 +4,6 @@ keywords: supply chain, security, integrations, registries, ci, environments title: Integrating Docker Scout with other systems --- -{{< include "scout-early-access.md" >}} - By default, Docker Scout integrates with your Docker organization and your Docker Scout-enabled repositories on Docker Hub. You can integrate Docker Scout with additional third-party systems to get access to even more insights, diff --git a/content/scout/integrations/ci/_index.md b/content/scout/integrations/ci/_index.md index 11cb253d39..5ec0697cb5 100644 --- a/content/scout/integrations/ci/_index.md +++ b/content/scout/integrations/ci/_index.md @@ -7,8 +7,6 @@ aliases: - /scout/ci/ --- -{{< include "scout-early-access.md" >}} - You can analyze Docker images in continuous integration pipelines as you build them using a GitHub action or the Docker Scout CLI plugin. diff --git a/content/scout/integrations/ci/azure.md b/content/scout/integrations/ci/azure.md index 06fcff2054..dc39de37e5 100644 --- a/content/scout/integrations/ci/azure.md +++ b/content/scout/integrations/ci/azure.md @@ -4,10 +4,8 @@ keywords: supply chain, security, ci, continuous integration, azure, devops title: Integrate Docker Scout with Microsoft Azure DevOps Pipelines --- -{{< include "scout-early-access.md" >}} - -The following examples runs in an Azure DevOps-connected repository containing a -Docker image's definition and contents. Triggered by a commit to the main +The following examples runs in an Azure DevOps-connected repository containing +a Docker image's definition and contents. Triggered by a commit to the main branch, the pipeline builds the image and uses Docker Scout to create a CVE report. @@ -64,4 +62,4 @@ stages: This creates the flow mentioned previously. It builds and tags the image using the checked-out Dockerfile, downloads the Docker Scout CLI, and then runs the `cves` command against the new tag to generate a CVE report. It only shows -critical or high-severity vulnerabilities. \ No newline at end of file +critical or high-severity vulnerabilities. diff --git a/content/scout/integrations/ci/circle-ci.md b/content/scout/integrations/ci/circle-ci.md index d3e15e4e3b..7f0526d1d8 100644 --- a/content/scout/integrations/ci/circle-ci.md +++ b/content/scout/integrations/ci/circle-ci.md @@ -4,8 +4,6 @@ keywords: supply chain, security, ci, continuous integration, circle ci title: Integrate Docker Scout with Circle CI --- -{{< include "scout-early-access.md" >}} - The following examples runs when triggered in CircleCI. When triggered, it checks out the "docker/scout-demo-service:latest" image and tag and then uses Docker Scout to create a CVE report. @@ -73,4 +71,4 @@ workflows: build-docker-image: jobs: - build -``` \ No newline at end of file +``` diff --git a/content/scout/integrations/ci/gha.md b/content/scout/integrations/ci/gha.md index d00a517f78..d52dc15a90 100644 --- a/content/scout/integrations/ci/gha.md +++ b/content/scout/integrations/ci/gha.md @@ -4,8 +4,6 @@ keywords: supply chain, security, ci, continuous integration, github actions title: Integrate Docker Scout with GitHub Actions --- -{{< include "scout-early-access.md" >}} - You can use [the Docker Scout GitHub action](https://github.com/docker/scout-action) to run Docker Scout CLI commands as part of a workflow. diff --git a/content/scout/integrations/ci/gitlab.md b/content/scout/integrations/ci/gitlab.md index 43f6516316..9b3b819238 100644 --- a/content/scout/integrations/ci/gitlab.md +++ b/content/scout/integrations/ci/gitlab.md @@ -4,8 +4,6 @@ keywords: supply chain, security, ci, continuous integration, gitlab title: Integrate Docker Scout with GitLab CI --- -{{< include "scout-early-access.md" >}} - The following examples runs in GitLab CI in a repository containing a Docker image's definition and contents. Triggered by a commit, the pipeline builds the image. If the commit was to the default branch, it uses Docker Scout to get a @@ -90,4 +88,4 @@ Dockerfile and if the commit was to the CI branch. _The following is a video walkthrough of the process of setting up the workflow with GitLab._ -
\ No newline at end of file +
diff --git a/content/scout/integrations/ci/jenkins.md b/content/scout/integrations/ci/jenkins.md index 4396767abb..17f0a2dfae 100644 --- a/content/scout/integrations/ci/jenkins.md +++ b/content/scout/integrations/ci/jenkins.md @@ -4,8 +4,6 @@ keywords: supply chain, security, ci, continuous integration, jenkins title: Integrate Docker Scout with Jenkins --- -{{< include "scout-early-access.md" >}} - You can add the following stage and steps definition to a `Jenkinsfile` to run Docker Scout as part of a Jenkins pipeline. The pipeline needs two secrets defined to authenticate with Docker Hub: `DOCKER_HUB_USER` and `DOCKER_HUB_PAT` diff --git a/content/scout/integrations/environment/_index.md b/content/scout/integrations/environment/_index.md index b5436677c9..c6f41de32d 100644 --- a/content/scout/integrations/environment/_index.md +++ b/content/scout/integrations/environment/_index.md @@ -6,8 +6,6 @@ keywords: supply chain, security, streams, environments, workloads, deployments title: Integrating Docker Scout with environments --- -{{< include "scout-early-access.md" >}} - You can integrate Docker Scout with your runtime environments, and get insights for your running workloads. This gives you a real-time view of your security status for your deployed artifacts. diff --git a/content/scout/integrations/registry/artifactory.md b/content/scout/integrations/registry/artifactory.md index cab4ce49b0..bc634890fc 100644 --- a/content/scout/integrations/registry/artifactory.md +++ b/content/scout/integrations/registry/artifactory.md @@ -6,8 +6,6 @@ aliases: - /scout/artifactory/ --- -{{< include "scout-early-access.md" >}} - Integrating Docker Scout with JFrog Artifactory lets you run image analysis automatically on images in Artifactory registries. diff --git a/content/scout/integrations/registry/ecr.md b/content/scout/integrations/registry/ecr.md index 232c4bd295..ca95be7f1c 100644 --- a/content/scout/integrations/registry/ecr.md +++ b/content/scout/integrations/registry/ecr.md @@ -4,8 +4,6 @@ keywords: docker scout, ecr, integration, image analysis, security, cves title: Integrate Docker Scout with Amazon ECR --- -{{< include "scout-early-access.md" >}} - Integrating Docker Scout with Amazon Elastic Container Registry (ECR) lets you view image insights for images hosted in ECR repositories. After integrating Docker Scout with ECR and activating Docker Scout for a repository, pushing an diff --git a/content/scout/local-fs.md b/content/scout/local-fs.md index 7c6c0c7326..4646187d4d 100644 --- a/content/scout/local-fs.md +++ b/content/scout/local-fs.md @@ -4,8 +4,6 @@ description: Analyze and compare local code using Docker Scout on the command li keywords: scout, vulnerabilities, analyze, analysis, cli, packages, sbom, cve, security, local, source, code, supply chain --- -{{< include "scout-early-access.md" >}} - You can use the `fs://` protocol prefix with Docker Scout CLI commands to analyze your local source code directly, without having to build and push container images. The following commands support the `fs://` prefix: diff --git a/content/scout/policy/_index.md b/content/scout/policy/_index.md index f0d3ad7498..7f8a7c9f2c 100644 --- a/content/scout/policy/_index.md +++ b/content/scout/policy/_index.md @@ -7,14 +7,10 @@ description: | requirements over time --- -> **Beta** +> **Early Access** > -> Policy Evaluation is a [Beta](/release-lifecycle/#beta) feature of Docker -> Scout. This feature is available to organizations participating in the -> limited preview program for policies. -> -> If you're interested in trying out this feature, reach out using the form on -> the [Docker Scout product page](https://docker.com/products/docker-scout) +> Policy Evaluation is an [Early Access](/release-lifecycle/#early-access-ea) +> feature of Docker Scout. { .restricted } In software supply chain management, maintaining the security and reliability diff --git a/content/scout/policy/view.md b/content/scout/policy/view.md index f604438909..76708fa001 100644 --- a/content/scout/policy/view.md +++ b/content/scout/policy/view.md @@ -6,14 +6,10 @@ description: | keywords: scout, policy, status, vulnerabilities, supply chain, cves, licenses --- -> **Beta** +> **Early Access** > -> Policy Evaluation is a [Beta](/release-lifecycle/#beta) feature of Docker -> Scout. This feature is available to organizations participating in the -> limited preview program for policies. -> -> If you're interested in trying out this feature, reach out using the form on -> the [Docker Scout product page](https://docker.com/products/docker-scout) +> Policy Evaluation is an [Early Access](/release-lifecycle/#early-access-ea) +> feature of Docker Scout. { .restricted } You can track policy status for your artifacts from the [Docker Scout diff --git a/content/scout/quickstart.md b/content/scout/quickstart.md index d4193df375..22f541a16e 100644 --- a/content/scout/quickstart.md +++ b/content/scout/quickstart.md @@ -6,8 +6,6 @@ aliases: - /atomist/get-started/ --- -{{< include "scout-early-access.md" >}} - Docker Scout analyzes image contents and generates a detailed report of packages and vulnerabilities that it detects. It can provide you with suggestions for how to remediate issues discovered by image analysis. diff --git a/content/scout/release-notes.md b/content/scout/release-notes.md new file mode 100644 index 0000000000..9f7d573b48 --- /dev/null +++ b/content/scout/release-notes.md @@ -0,0 +1,95 @@ +--- +title: Docker Scout release notes +description: Learn about the latest features of Docker Scout +keywords: docker scout, release notes, changelog, features, changes, delta, new, releases +--- + +This page contains information about the new features, improvements, known +issues, and bug fixes in Docker Scout releases. These release notes cover the +Docker Scout platform, including the Dashboard. For CLI release notes, refer to +the `docker/scout-cli` [GitHub repository](https://github.com/docker/scout-cli/releases). + +Take a look at the [Docker Public Roadmap](https://github.com/docker/roadmap/projects/1) +for what's coming next. + +## 2023-10-04 + +This marks the General Availability (GA) release of Docker Scout. + +### New + +The following new features are included in this release: + +- [Policy Evaluation](#policy-evaluation) (Early Access) +- [Amazon ECR integration](#amazon-ecr-integration) +- [Sysdig integration](#sysdig-integration) +- [JFrog Artifactory integration](#jfrog-artifactory-integration) + +#### Policy evaluation + +Policy Evaluation is an early access feature that helps you ensure software +integrity and track how your artifacts are doing over time. This release ships +with four out-of-the-box policies, enabled by default for all organizations. + +![Policy overview in Dashboard](./images/release-notes/policy-ea.webp) + +- **Base images not up-to-date** evaluates whether the base images are out of + date, and require updating. Up-to-date base images help you ensure that your + environments are reliable and secure. +- **Critical and high vulnerabilities with fixes** reports if there are + vulnerabilities with critical or high severity in your images, and where + there's a fix version available that you can upgrade to. +- **All critical vulnerabilities** looks out for any vulnerabilities of + critical severity found in your images. +- **Packages with AGPLv3, GPLv3 license** helps you catch possibly unwanted + copyleft licenses used in your images. + +You can view and evaluate policy status for images using the Docker Scout +Dashboard and the `docker scout policy` CLI command. For more information, +refer to the [Policy Evaluation documentation](./policy/_index.md). + +#### Amazon ECR integration + +The new Amazon Elastic Container Registry (ECR) integration enables image +analysis for images hosted in ECR repositories. + +You set up the integration using a pre-configured CloudFormation stack template +that bootstraps the necessary AWS resources in your account. Docker Scout +automatically analyzes images that you push to your registry, storing only the +metadata about the image contents, and not the container images themselves. + +The integration offers a straightforward process for adding additional +repositories, activating Docker Scout for specific repositories, and removing +the integration if needed. To learn more, refer to the [Amazon ECR integration +documentation](./integrations/registry/ecr.md). + +#### Sysdig integration + +The new Sysdig integration gives you real-time security insights for your +Kubernetes runtime environments. + +Enabling this integration helps you address and prioritize risks for images +used to run your production workloads. It also helps reduce monitoring noise, +by automatically excluding vulnerabilities in programs that are never loaded +into memory, using VEX documents. + +For more information and getting started, see [Sysdig integration +documentation](./integrations/environment/sysdig.md). + +#### JFrog Artifactory integration + +The new JFrog Artifactory integration enables automatic image analysis on +Artifactory registries. + +![Animation of how to integrate Artifactory](./images/release-notes/artifactory-agent.gif) + +The integration involves deploying a Docker Scout Artifactory agent that polls +for new images, performs analysis, and uploads results to Docker Scout, all +while preserving the integrity of image data. Learn more in the [Artifactory +integration documentation](./integrations/registry/artifactory.md) + +### Known limitations + +- Image analysis only works for Linux images +- Docker Scout can't process images larger than 12GB in compressed size +- Creating an image SBOM (part of image analysis) has a timeout limit of 4 minutes diff --git a/content/subscription/scout-details.md b/content/subscription/scout-details.md index a6caf39e4d..24bdc8d246 100644 --- a/content/subscription/scout-details.md +++ b/content/subscription/scout-details.md @@ -4,8 +4,6 @@ description: Learn about the Docker Scout subscriptions plans and features keywords: subscription, free, team, business, features --- -{{< include "scout-early-access.md" >}} - This page provides an overview of the subscription plans for Docker Scout. To compare features available for each plan, see [Docker Scout Pricing](https://docker.com/products/docker-scout). ## Docker Scout Free @@ -40,4 +38,4 @@ Docker Scout Business includes: - All the features available in Docker Scout Team - Unlimited Docker Scout-enabled repositories -You can [contact sales](https://www.docker.com/products/docker-scout/) to buy Docker Scout Business. \ No newline at end of file +You can [contact sales](https://www.docker.com/products/docker-scout/) to buy Docker Scout Business. diff --git a/data/toc.yaml b/data/toc.yaml index 5fc6626601..72b936d7e4 100644 --- a/data/toc.yaml +++ b/data/toc.yaml @@ -616,7 +616,7 @@ Reference: title: docker run - path: /engine/reference/commandline/save/ title: docker save - - sectiontitle: docker scout (Early Access) + - sectiontitle: docker scout section: - path: /engine/reference/commandline/scout/ title: docker scout @@ -1367,6 +1367,68 @@ Manuals: path: /desktop/extensions-sdk/dev/api/dashboard-routes-navigation/ - title: API Reference path: /desktop/extensions-sdk/dev/api/reference/README/ + +- sectiontitle: Docker Scout + section: + - path: /scout/ + title: Overview + - path: /scout/quickstart/ + title: Quickstart + - sectiontitle: Explore Docker Scout + section: + - path: /scout/dashboard/ + title: Dashboard + - path: /scout/image-details-view/ + title: Image details view + - path: /scout/image-analysis/ + title: Image analysis + - path: /scout/local-fs/ + title: Analyze local files + - path: /scout/sbom/ + title: SBOM + - path: /scout/advisory-db-sources/ + title: Advisory database + - path: /scout/data-handling/ + title: Data handling + - sectiontitle: Policy Evaluation + section: + - path: /scout/policy/ + title: Overview + - path: /scout/policy/view/ + title: View policy status + - sectiontitle: Integrations + section: + - title: Overview + path: /scout/integrations/ + - sectiontitle: Environment monitoring + section: + - title: Overview + path: /scout/integrations/environment/ + - title: Sysdig + path: /scout/integrations/environment/sysdig/ + - title: Generic + path: /scout/integrations/environment/cli/ + - sectiontitle: Container registries + section: + - title: Artifactory + path: /scout/integrations/registry/artifactory/ + - title: Elastic Container Registry + path: /scout/integrations/registry/ecr/ + - sectiontitle: Continuous integration + section: + - title: GitHub Actions + path: /scout/integrations/ci/gha/ + - title: GitLab + path: /scout/integrations/ci/gitlab/ + - title: Microsoft Azure DevOps Pipelines + path: /scout/integrations/ci/azure/ + - title: Circle CI + path: /scout/integrations/ci/circle-ci/ + - title: Jenkins + path: /scout/integrations/ci/jenkins/ + - path: /scout/release-notes/ + title: Release notes + - sectiontitle: Docker Engine section: - path: /engine/ @@ -1972,63 +2034,6 @@ Manuals: - path: /docker-hub/release-notes/ title: Release notes -- sectiontitle: Docker Scout (Early Access) - section: - - path: /scout/ - title: Overview - - path: /scout/quickstart/ - title: Quickstart - - path: /scout/image-details-view/ - title: Image details view - - path: /scout/image-analysis/ - title: Image analysis - - path: /scout/dashboard/ - title: Dashboard - - path: /scout/local-fs/ - title: Analyze local files - - path: /scout/advisory-db-sources/ - title: Advisory database - - path: /scout/data-handling/ - title: Data handling - - path: /scout/sbom/ - title: SBOM - - sectiontitle: Policy - section: - - path: /scout/policy/ - title: Overview - - path: /scout/policy/view/ - title: View policy status - - sectiontitle: Integrations - section: - - title: Overview - path: /scout/integrations/ - - sectiontitle: Environment monitoring - section: - - title: Overview - path: /scout/integrations/environment/ - - title: Sysdig - path: /scout/integrations/environment/sysdig/ - - title: Generic - path: /scout/integrations/environment/cli/ - - sectiontitle: Container registries - section: - - title: Artifactory - path: /scout/integrations/registry/artifactory/ - - title: Elastic Container Registry - path: /scout/integrations/registry/ecr/ - - sectiontitle: Continuous integration - section: - - title: GitHub Actions - path: /scout/integrations/ci/gha/ - - title: GitLab - path: /scout/integrations/ci/gitlab/ - - title: Microsoft Azure DevOps Pipelines - path: /scout/integrations/ci/azure/ - - title: Circle CI - path: /scout/integrations/ci/circle-ci/ - - title: Jenkins - path: /scout/integrations/ci/jenkins/ - - sectiontitle: Docker Admin (Early Access) section: - path: /admin/ diff --git a/layouts/_default/_markup/render-image.html b/layouts/_default/_markup/render-image.html index eaa74ffc27..8d112c6c12 100644 --- a/layouts/_default/_markup/render-image.html +++ b/layouts/_default/_markup/render-image.html @@ -6,6 +6,7 @@ {{ $params := (urls.Parse $imagePath).Query }} {{ $width := index $params "w" }} {{ $height := index $params "h" }} +{{ $border := index $params "border" }}